ansible-role-nginx/tasks/opensource/install-source.yml

445 lines
12 KiB
YAML

---
- name: "Check for build tools"
block:
- name: "(CentOS/RHEL 8) Setup Python 3"
block:
- name: "(CentOS/RHEL 8) Install Python 3"
yum:
name:
- python3
- python3-pip
- python3-devel
update_cache: yes
- name: "(Centos/RHEL 8) Set Python 3 as default"
alternatives:
name: python
path: /usr/bin/python3
link: /usr/bin/python
when:
- ansible_facts['os_family'] == "RedHat"
- ansible_facts['distribution_major_version'] is version('8', '==')
- name: "(Centos/RHEL) Install build tools"
yum:
name:
- "@Development tools"
- ca-certificates
- gcc
- gd
- gd-devel
- glibc
- glibc-common
- perl-core
- wget
- zlib-devel
update_cache: yes
when: ansible_facts['os_family'] == "RedHat"
- name: "(Debian) Install backports repo for 'buster'"
apt_repository:
filename: buster-backports
repo: deb http://ftp.us.debian.org/debian buster-backports main
update_cache: yes
mode: 0644
when: ansible_facts['distribution_release'] == "buster"
- name: "(Debian/Ubuntu) Install build tools"
apt:
name:
- build-essential
- checkinstall
- libtemplate-perl
- python3-minimal
- perl
- tar
- zlib1g-dev
update_cache: yes
when: ansible_facts['os_family'] == "Debian"
- name: "(Alpine Linux) Install build tools"
apk:
name:
- alpine-sdk
- build-base
- git
- openrc
- perl
- python3
- linux-headers
- tar
- wget
update_cache: yes
when: ansible_facts['os_family'] == "Alpine"
- name: "(Alpine Linux) Enable OpenRC"
copy:
content: ""
dest: /run/openrc/softlevel
force: no
owner: root
mode: 0644
when: ansible_facts['os_family'] == "Alpine"
when: nginx_install_source_build_tools | bool
- name: "Check for source installs"
block:
- name: "Check for PCRE install"
stat:
path: /tmp/{{ pcre_version }}
register: pcre_result
- name: "Check for ZLib install"
stat:
path: /tmp/{{ zlib_version }}
register: zlib_result
- name: "Check for OpenSSL install"
stat:
path: /tmp/{{ openssl_version }}
register: openssl_result
- name: "(CentOS/RHEL) Install PCRE dependency from package"
yum:
name: pcre-devel
update_cache: yes
when:
- nginx_install_source_pcre | bool
- ansible_facts['os_family'] == "RedHat"
- name: "(Debian/Ubuntu) Install PCRE dependency from package"
apt:
name: libpcre3-dev
update_cache: yes
when:
- nginx_install_source_pcre | bool
- ansible_facts['os_family'] == "Debian"
- name: "(Alpine Linux) Install PCRE dependency from package"
apk:
name: pcre-dev
update_cache: yes
when:
- nginx_install_source_pcre | bool
- ansible_facts['os_family'] == "Alpine"
- name: "Install PCRE dependence from source"
block:
- name: "Download PCRE dependency"
get_url:
url: "https://ftp.pcre.org/pub/pcre/{{ pcre_version }}.tar.gz"
dest: "/tmp/{{ pcre_version }}.tar.gz"
mode: 0600
validate_certs: >-
{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
register: pcre_source
- name: "Unpack PCRE dependency"
unarchive:
copy: no
dest: /tmp/
src: "{{ pcre_source.dest }}"
mode: 0700
- name: "Configure PCRE dependency"
command: "./configure"
args:
chdir: "/tmp/{{ pcre_version }}"
- name: "Make PCRE dependency"
make:
chdir: "/tmp/{{ pcre_version }}"
- name: "Install PCRE dependency"
make:
chdir: "/tmp/{{ pcre_version }}"
target: install
when:
- not pcre_result.stat.exists | bool
- not nginx_install_source_pcre | bool
- name: "(Centos/RHEL) Install ZLib dependency from package"
yum:
name: zlib-devel
update_cache: yes
when:
- nginx_install_source_zlib | bool
- ansible_facts['os_family'] == "RedHat"
- name: "(Debian/Ubuntu) Install ZLib dependency from package"
apt:
name: zlib1g-dev
update_cache: true
when:
- nginx_install_source_zlib | bool
- ansible_facts['os_family'] == "Debian"
- name: "(Alpine Linux) Install ZLib dependency from package"
apk:
name: zlib-dev
update_cache: yes
when:
- nginx_install_source_zlib | bool
- ansible_facts['os_family'] == "Alpine"
- name: "Install ZLib dependency from source"
block:
- name: "Download ZLib dependency"
get_url:
url: "https://zlib.net/{{ zlib_version }}.tar.gz"
dest: "/tmp/{{ zlib_version }}.tar.gz"
mode: 0600
validate_certs: >-
{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
register: zlib_source
- name: "Unpack ZLib dependency"
unarchive:
copy: no
dest: /tmp/
src: "{{ zlib_source.dest }}"
mode: 0700
- name: "Configure ZLib dependency"
command: "./configure"
args:
chdir: "/tmp/{{ zlib_version }}"
- name: "Make ZLib dependency"
make:
chdir: "/tmp/{{ zlib_version }}"
- name: "Install ZLib dependency"
make:
chdir: "/tmp/{{ zlib_version }}"
target: install
when:
- not zlib_result.stat.exists | bool
- not nginx_install_source_zlib | bool
- name: "(CentOS/RHEL) Install OpenSSL dependency from package"
yum:
name: openssl-devel
update_cache: yes
when:
- nginx_install_source_openssl | bool
- ansible_facts['os_family'] == "RedHat"
- name: "(Debian/Ubuntu) Install OpenSSL dependency from package"
apt:
name: libssl-dev
update_cache: yes
when:
- nginx_install_source_openssl | bool
- ansible_facts['os_family'] == "Debian"
- name: "(Alpine Linux) Install OpenSSL dependency from package"
apk:
name: openssl-dev
update_cache: yes
when:
- nginx_install_source_openssl | bool
- ansible_facts['os_family'] == "Alpine"
- name: "Install OpenSSL dependency from source"
block:
- name: "Download OpenSSL dependency"
get_url:
url: "https://www.openssl.org/source/{{ openssl_version }}.tar.gz"
dest: "/tmp/{{ openssl_version }}.tar.gz"
mode: 0600
validate_certs: >-
{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
register: openssl_source
- name: "Unpack OpenSSL dependency"
unarchive:
copy: no
dest: /tmp/
src: "{{ openssl_source.dest }}"
mode: 0700
- name: "Configure OpenSSL dependency"
command: "./config --prefix=/usr/local/openssl --openssldir=/usr/local/openssl shared zlib"
args:
chdir: "/tmp/{{ openssl_version }}"
- name: "Make OpenSSL dependency"
make:
chdir: "/tmp/{{ openssl_version }}"
- name: "Install OpenSSL dependency"
make:
chdir: "/tmp/{{ openssl_version }}"
target: install
when:
- not openssl_result.stat.exists | bool
- not nginx_install_source_openssl | bool
- name: "Get NGINX version"
block:
- name: "Fetch NGINX version"
uri:
url: https://trac.nginx.org/nginx/browser
return_content: yes
validate_certs: >-
{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
register: nginx_versions
- name: "Set NGINX mainline version"
set_fact:
nginx_version: "{{ nginx_versions.content | regex_search('release[^<]*') | regex_replace('release', 'nginx') }}"
when: nginx_branch == "mainline"
- name: "Set NGINX stable version 1/2"
set_fact:
nginx_version: "{{ nginx_versions.content | regex_search('stable[^<]*') | regex_replace('stable', 'release') }}"
when: nginx_branch == "stable"
- name: "Set NGINX stable version 2/2"
set_fact:
nginx_version: "{{ nginx_versions.content | regex_search(nginx_version + '[^<]*') | regex_replace('release', 'nginx') }}"
when: nginx_branch == "stable"
- name: "Set NGINX download filename"
set_fact:
nginx_download_name: "{{ nginx_version }}"
- name: "Check for NGINX install"
stat:
path: /usr/sbin/nginx
follow: yes
register: nginx_result
- name: "Add NGINX user"
user:
name: nginx
- name: "Install NGINX"
block:
- name: "Download NGINX"
get_url:
url: "https://nginx.org/download/{{ nginx_download_name }}.tar.gz"
dest: "/tmp/{{ nginx_download_name }}.tar.gz"
mode: 0600
validate_certs: >-
{{ (ansible_facts['os_family'] == 'RedHat' and ansible_facts['distribution_major_version'] is version('6', '==')) | ternary('no', 'yes') }}
register: nginx_source
- name: "Unpack NGINX"
unarchive:
copy: no
dest: /tmp/
src: "{{ nginx_source.dest }}"
mode: 0755
- name: "Configure NGINX"
command: >-
./configure
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--lock-path=/var/lock/nginx.lock
--modules-path=/usr/lib/nginx/modules
--prefix=/usr
--pid-path=/var/run/nginx.pid
--with-http_ssl_module
--with-mail=dynamic
--with-stream
{{ nginx_install_source_pcre | ternary('', '--with-pcre=../' + pcre_version) }}
{{ nginx_install_source_zlib | ternary('', '--with-zlib=../' + zlib_version) }}
{{ nginx_install_source_openssl | ternary('', '--with-openssl=../' + openssl_version) }}
args:
chdir: "/tmp/{{ nginx_version }}"
register: nginx_configure
- name: "Make NGINX"
make:
chdir: "/tmp/{{ nginx_version }}"
- name: "Install NGINX"
make:
chdir: "/tmp/{{ nginx_version }}"
target: install
- name: "Upload systemd NGINX service file"
copy:
src: services/nginx.systemd
dest: /lib/systemd/system/nginx.service
owner: root
group: root
mode: 0644
when: ansible_facts['service_mgr'] == "systemd"
- name: "Enable systemd NGINX service file"
systemd:
daemon_reload: yes
name: nginx
state: restarted
enabled: yes
when: ansible_facts['service_mgr'] == "systemd"
notify: "(Handler) Start NGINX"
- name: "Upload upstart NGINX service file"
copy:
src: services/nginx.upstart
dest: /etc/init.d/nginx
owner: root
group: root
mode: 0755
when: ansible_facts['service_mgr'] == "upstart"
- name: "Upload Upstart NGINX service conf file"
copy:
src: services/nginx.conf.upstart
dest: /etc/init/nginx.conf
owner: root
group: root
mode: 0644
when: ansible_facts['service_mgr'] == "upstart"
- name: "Enable Upstart NGINX service reload"
command: "initctl reload-configuration"
when: ansible_facts['service_mgr'] == "upstart"
- name: "Start Upstart NGINX service reload"
command: "nginx"
when: ansible_facts['service_mgr'] == "upstart"
notify: "(Handler) Start NGINX"
- name: "Upload SysVinit NGINX service file"
copy:
src: services/nginx.sysvinit
dest: /etc/init.d/nginx
owner: root
group: root
mode: 0755
when: ansible_facts['service_mgr'] == "sysvinit"
notify: "(Handler) Start NGINX"
- name: "Upload OpenRC NGINX service file"
copy:
src: services/nginx.openrc
dest: /etc/init.d/nginx
owner: root
group: root
mode: 0755
when: ansible_facts['service_mgr'] == "openrc"
- name: "Enable OpenRC NGINX service"
command: rc-update add nginx default
when: ansible_facts['service_mgr'] == "openrc"
notify: "(Handler) Start NGINX"
when: not nginx_result.stat.exists
- name: "Cleanup downloads"
file:
path: "{{ item }}"
state: absent
loop:
- "{{ pcre_source.dest }}"
- "{{ zlib_source.dest }}"
- "{{ openssl_source.dest }}"
- "{{ nginx_source.dest }}"
when: item is defined